You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@apr.apache.org by Gregg Smith <gl...@gknw.net> on 2016/12/18 01:04:33 UTC
RE: svn commit: r1773931 - in /apr/apr-util/branches/1.6.x: ./
crypto/ crypto/crypt_blowfish.c
Hi Yann,
> Author: ylavic
> Date: Tue Dec 13 08:39:51 2016
> New Revision: 1773931
>
> URL: http://svn.apache.org/viewvc?rev=1773931&view=rev
> Log:
> Merge r1773929 from trunk, follow up to r1772979.
>
> apr_crypto: blowfish: follow up to r1772803: also cap hash verification time.
>
>
> Modified:
> apr/apr-util/branches/1.6.x/ (props changed)
> apr/apr-util/branches/1.6.x/crypto/ (props changed)
> apr/apr-util/branches/1.6.x/crypto/crypt_blowfish.c
...
> Modified: apr/apr-util/branches/1.6.x/crypto/crypt_blowfish.c
> URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.6.x/crypto/crypt_blowfish.c?rev=1773931&r1=1773930&r2=1773931&view=diff
> ==============================================================================
> --- apr/apr-util/branches/1.6.x/crypto/crypt_blowfish.c (original)
> +++ apr/apr-util/branches/1.6.x/crypto/crypt_blowfish.c Tue Dec 13 08:39:51 2016
> @@ -684,7 +684,8 @@ static char *BF_crypt(const char *key, c
> }
>
> count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
> - if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) {
> + if (count < min || count > 17 ||
> + BF_decode(data.binary.salt, &setting[7], 16)) {
> __set_errno(EINVAL);
> return NULL;
> }
>
This makes testpass fail.
testpass : -Line 36: bcrypt encode password (720022): The
device does not recognize the command.
Reverting makes it work again. I assume r1773929 in trunk also.
Regards,
Gregg
Re: svn commit: r1773931 - in /apr/apr-util/branches/1.6.x: ./
crypto/ crypto/crypt_blowfish.c
Posted by Yann Ylavic <yl...@gmail.com>.
On Sun, Dec 18, 2016 at 2:04 AM, Gregg Smith <gl...@gknw.net> wrote:
>
> This makes testpass fail.
Thanks Gregg, reverted in r1774976 (trunk) and r1774975 (1.6.x).
This was really not appropriate :/
Regards,
Yann.